caddy-tlsconsul

Normally, Caddy uses the local filesystem to store TLS data when it auto-generates certificates from a CA like Let's Encrypt. Starting with 0.11.x, Caddy can work in cluster environments where the TLS storage path is shared across servers. This is a great improvement, but you need to take care of mounting centralized storage on every server. If you already have a running Consul cluster, it can be easier to use its KV store to save certificates and make them available to all Caddy instances.

This plugin enables Caddy to store TLS data, such as the user key and certificates, in Consul's KV store. This allows you to use Caddy in a cluster or multi-machine environment with centralized storage for auto-generated certificates.

With this plugin, it is possible to use multiple Caddy instances with the same HTTPS domain, for instance with DNS round-robin.

It works with recent versions of Caddy 0.10.x.

All data that is saved in the KV store is encrypted using AES.
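To illustrate what encrypting values before they reach a shared KV store involves, here is an added example; it is not the plugin's own code. The page only says "AES", so the GCM mode, the binding of the KV path as additional authenticated data, and all function names, paths and key material below are assumptions made for this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds an AES-GCM AEAD; the key must be 16, 24 or 32 bytes long.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealValue returns nonce || ciphertext+tag; kvPath is bound as AAD so a relocated blob fails to open.
func sealValue(key []byte, kvPath string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(kvPath)), nil
}

// openValue reverses sealValue and rejects truncated, modified or relocated blobs.
func openValue(key []byte, kvPath string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(kvPath))
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	blob, _ := sealValue(key, "caddytls/example.com.key", []byte("constructed key bytes"))
	fmt.Println(openValue(key, "caddytls/other.key", blob)) // hypothetical paths; wrong path is rejected
}
```

With authenticated encryption, anyone who can write to the KV store but does not hold the key cannot alter or swap stored certificates and keys without the change being detected on read.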

Installation

You need to compile Caddy yourself to use this plugin. Alternatively, you can use my Docker image that already includes Consul KV storage; more information below.